I'm new here, so I hope I'm giving all the information I should.
I'm having a problem on my computer with malware. I installed an exe I shouldn't have, and it started installing a lot of programs on my computer and opening new tabs in Chrome. It installed things like "MyBestOffersToday", "SpaceSoundPro", an Opera launcher, and a lot of other programs which I couldn't uninstall, and when asked if I wanted to remove them from the list in Programs and Features, I said yes, so I don't even know if they are still there.
In the middle of all the junk that was appearing in Task Manager, I noticed one program whose process I couldn't close, called apphguotoloS. Searching on Google took me to this thread: http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=64154.
I've tried using some advice, like Fixlist.txt with FRST.exe and Malwarebytes' Anti-Malware... FRST seemed to solve the problem with the malware, but something ruined my internet connection. I can connect to my router, but I don't have Internet access... Despite that, I downloaded Malwarebytes' Anti-Malware on another computer and installed it on the computer with the problem... I couldn't update the database since I didn't have an Internet connection, but the program was still able to find a lot of errors. At this moment, I still have at least two programs in Programs and Features that I cannot uninstall and that ask me if I want to remove them from the list, and a program called runonce.exe in Task Manager which prevents explorer.exe from opening. I don't know if all the malware was deleted and whether my computer is okay or not.
If someone could help me, I would be very grateful.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by Gonçalo (administrator) on GONÇALO-TOSHIBA (11-01-2016 10:28:25)
Running from C:\Users\Gonçalo\Desktop
Loaded Profiles: Gonçalo (Available Profiles: Gonçalo)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Portugal)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe [1960288 2015-08-19] ()
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [mbot_pt_014010202] => "C:\Program Files\mbot_pt_014010202\mbot_pt_014010202.exe"
HKLM\...\Run: [WindoWeather] => "C:\Program Files\WindoWeather\WindoWeather.exe" monetize
HKLM\...\Run: [QualityChecker] => C:\Program Files\QualityChecker\QC.exe [156792 2016-01-04] ()
HKLM\...\RunOnce: [QualityChecker] => C:\Program Files\QualityChecker\QC.exe [156792 2016-01-04] ()
HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Run: [Spotify Web Helper] => C:\Users\Gonçalo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-08] (Spotify Ltd)
HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Run: [GoogleChromeAutoLaunch_496EFAF177E0DE33F593DA9A51967293] => C:\Program Files\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIMDE.EXE [262208 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-08] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\ApphguotoloS\Lamnix.dll => No File
Startup: C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2016-01-11]
ShortcutTarget: Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: iSkysoft iTube Studio 4.3.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\ProgramData\iSkysoft\iTube Studio\WSBrowserAppMgr.dll [2015-08-19] (Wondershare)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com
FF Extension: iSkysoft iTube Studio - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com [2015-10-10] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.pt/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP47E0B1AB-5B5B-4650-AF6D-DBF5121FCFF0&SSPV=","hxxp://websearch.searchoholic.info/?pid=21529&r=2015/01/02&hid=17539484079195793811&lg=EN&cc=PT&unqvl=72","hxxp://www.mysites123.com/?type=hp&ts=1452442755&z=8a29128ec64eb5c11a23004gez8wfo9z2z2oam4w7w&from=amt&uid=toshibaxmk8037gsx_971st2vstxx971st2vst","hxxp://www.yoursearching.com/?type=hp&ts=1452502060&z=39c9ca6276d75bced2c2acdg1z4w3oew6e8oce8wdm&from=face&uid=TOSHIBAXMK8037GSX_971ST2VSTXX971ST2VST"
CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts ... 1ST2VST&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursearching
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Apresentações Google) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (wareztuga.tv streamer) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Filterable Grid View for YouTube™) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chefgadenjmbjpcaoecdmgdagcjljcmh [2015-11-19]
CHR Extension: (uBlock Origin) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (XJZ Survey Remover) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh [2015-07-08]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2015-11-25]
CHR Extension: (Who Deleted Me) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2015-12-20]
CHR Extension: (PanicButton) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-11-26]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Documentos do Google offline) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Facebook Invite All) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2015-11-10]
CHR Extension: (Ahoy!) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljighgeflmhnpljodhpcifcojkpancpm [2016-01-06]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
StartMenuInternet: Google Chrome - Chrome.exe
Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.yoursearching.com/?type=sc&t ... X971ST2VST
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 hujunywuzbt; C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\knsjDE69.tmpfs [X]
S2 TDataSvr; C:\Program Files\TDataDld\TData.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 asiovad; C:\Windows\System32\DRIVERS\asiovad.sys [27336 2014-11-20] (Odeus Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl0c0a58ec; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E805B35E-70EF-47DB-B35B-0A95FEC3EC95}\MpKsl0c0a58ec.sys [39168 2016-01-11] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 protect; C:\Program Files\QualityChecker\qc.sys [10752 2015-12-30] () [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2013-09-03] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-11 10:26 - 2016-01-11 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-11 09:53 - 2016-01-11 10:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-11 09:52 - 2016-01-11 10:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-11 09:52 - 2016-01-11 09:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-11 09:52 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-11 09:52 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-11 09:52 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-11 09:30 - 2016-01-11 09:30 - 22908888 _____ (Malwarebytes ) C:\Users\Gonçalo\Desktop\mbam-setup-2.2.0.1024.exe
2016-01-11 09:14 - 2016-01-11 09:16 - 00020108 _____ C:\Users\Gonçalo\Desktop\Fixlog.txt
2016-01-11 09:11 - 2016-01-11 09:14 - 00023670 _____ C:\Users\Gonçalo\Desktop\Addition.txt
2016-01-11 09:09 - 2016-01-11 10:28 - 00014014 _____ C:\Users\Gonçalo\Desktop\FRST.txt
2016-01-11 09:08 - 2016-01-11 10:28 - 00000000 ____D C:\FRST
2016-01-11 09:07 - 2016-01-11 09:08 - 01721856 _____ (Farbar) C:\Users\Gonçalo\Desktop\FRST.exe
2016-01-11 08:52 - 2016-01-11 08:58 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\systweak
2016-01-10 17:54 - 2016-01-10 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-10 17:53 - 2016-01-10 17:53 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-10 17:53 - 2016-01-10 17:53 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-10 17:34 - 2016-01-10 17:34 - 00000296 _____ C:\task.vbs
2016-01-10 17:21 - 2016-01-10 17:33 - 00000000 ____D C:\Program Files\Opera
2016-01-10 17:20 - 2016-01-11 09:18 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-01-10 17:20 - 2016-01-11 08:26 - 00000008 _____ C:\END
2016-01-10 17:03 - 2016-01-10 17:03 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\Mozilla
2016-01-10 16:49 - 2016-01-10 17:00 - 00000000 ____D C:\ProgramData\ApplicationHosting
2016-01-10 16:47 - 2016-01-10 16:47 - 00000000 ____D C:\Program Files\ExploreTech
2016-01-10 16:47 - 2016-01-10 16:41 - 00001002 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-10 16:42 - 2016-01-11 10:22 - 00000000 ____D C:\Program Files\QualityChecker
2016-01-02 17:59 - 2016-01-02 17:59 - 00252108 _____ C:\Users\Gonçalo\Desktop\Crazy Factory Piercing.pdf
2015-12-30 08:50 - 2015-12-30 08:51 - 87150434 ____T C:\Users\Gonçalo\Desktop\Incognito - Still a Friend of Mine (Cm).wav
2015-12-19 21:16 - 2015-12-20 15:54 - 00000000 ____D C:\Users\Gonçalo\Desktop\Chapa Dux - #OneLove
2015-12-18 21:53 - 2015-12-29 09:50 - 00002237 _____ C:\Users\Gonçalo\Desktop\Set Passagem de Ano.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-11 10:22 - 2009-07-14 04:53 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-11 10:22 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 10:19 - 2015-10-06 11:41 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-11 10:19 - 2015-01-07 22:06 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-11 10:19 - 2015-01-07 18:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-11 10:19 - 2009-07-14 04:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-11 10:19 - 2009-07-14 04:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-11 10:19 - 2009-07-14 04:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-11 10:18 - 2015-03-07 19:34 - 00001808 _____ C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-11 10:18 - 2015-03-02 01:33 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2016-01-11 10:18 - 2015-01-08 03:44 - 00000881 _____ C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2016-01-11 10:18 - 2009-07-14 04:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-11 10:18 - 2009-07-14 04:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-11 10:17 - 2015-06-29 23:19 - 00001942 _____ C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2016-01-11 10:17 - 2015-01-08 04:55 - 00000359 _____ C:\Users\Gonçalo\Desktop\Computador.lnk
2016-01-11 09:14 - 2015-11-18 17:14 - 00000917 _____ C:\Windows\Tasks\EPSON WF-2630 Series Update {1E0C0845-6CEC-4E5A-A176-964292702E09}.job
2016-01-11 09:09 - 2009-07-14 02:37 - 00000000 ____D C:\Windows
2016-01-11 08:52 - 2015-01-07 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-11 08:48 - 2015-01-07 20:00 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 08:09 - 2009-07-14 04:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-11 08:09 - 2009-07-14 04:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-11 08:01 - 2015-01-07 20:00 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 15:09 - 2015-12-11 23:38 - 00000000 ____D C:\stremio-cache
2016-01-06 16:41 - 2015-11-18 17:10 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\Epson
2016-01-06 16:41 - 2015-11-18 16:58 - 00000000 ____D C:\ProgramData\Epson
2016-01-06 16:19 - 2015-10-06 11:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-05 21:06 - 2015-01-07 19:15 - 01654886 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-05 21:06 - 2009-07-14 08:31 - 00720822 _____ C:\Windows\system32\prfh0816.dat
2016-01-05 21:06 - 2009-07-14 08:31 - 00152774 _____ C:\Windows\system32\prfc0816.dat
2016-01-05 21:06 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2015-12-30 07:50 - 2015-01-08 03:45 - 00000000 ____D C:\ProgramData\Ableton
2015-12-30 07:01 - 2015-04-06 21:25 - 00000000 ____D C:\ProgramData\iSkysoft iTube Studio
2015-12-30 06:51 - 2015-04-06 22:08 - 00000000 ____D C:\ProgramData\xml_param
2015-12-19 03:04 - 2015-04-04 22:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 20:57 - 2015-11-04 07:20 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\stremio
==================== Files in the root of some directories =======
2015-03-24 14:09 - 2015-05-06 02:10 - 0000132 _____ () C:\Users\Gonçalo\AppData\Roaming\Adobe PNG Format CS6 Prefs
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-09 22:39
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Gonçalo (2016-01-11 09:11:52)
Running from C:\Users\Gonçalo\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-01-07 19:16:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3268735155-487900952-46356077-500 - Administrator - Disabled)
Convidado (S-1-5-21-3268735155-487900952-46356077-501 - Limited - Disabled)
Gonçalo (S-1-5-21-3268735155-487900952-46356077-1001 - Administrator - Enabled) => C:\Users\Gonçalo
HomeGroupUser$ (S-1-5-21-3268735155-487900952-46356077-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ableton Live 9 Suite (HKLM\...\{3573AD96-0B2F-4D56-BD66-2370C0F4EA99}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.64.1073 - AB Team, d.o.o.)
Epson Easy Photo Print 2 (HKLM\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.50.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
GamesDesktop 009.005010202 (HKLM\...\gmsd_pt_005010202_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Guitar Pro 6 (HKLM\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iSkysoft iTube Studio(Build 4.5.0.0) (HKLM\...\iSkysoft iTube Studio_is1) (Version: 4.5.0.0 - iSkysoft Software)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Manuais EPSON (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.1.0 - SEIKO EPSON CORPORATION)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM\...\Native Instruments Kontakt 5) (Version: - Native Instruments)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version: - Native Instruments)
Opera Stable 34.0.2036.25 (HKLM\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)
PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sample Modeling Mr. Sax T (HKLM\...\Sample Modeling Mr. Sax T) (Version: - )
Software Updater (HKLM\...\{E07D7C7B-F424-4EEF-BA17-B2C32BD1C107}) (Version: 4.3.0 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
Stremio (HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Stremio) (Version: 3.3.1 - Smart Code Ltd.)
SVH (HKLM\...\rec_en_77_is1) (Version: - ) <==== ATTENTION
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
yoursearching uninstall (HKLM\...\yoursearching uninstall) (Version: - yoursearching) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1234825F-75B0-45D3-951F-711541CDAF9B} - System32\Tasks\runTask => C:\Users\Gonçalo\AppData\Local\Temp/Updater.exe
Task: {17926254-6194-488D-B772-2A534153F369} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {1D4906CF-97C6-495B-B0B5-4A5C7D7B5813} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6EEE9893-D143-42CA-ADF4-B8E0EC64B31F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B03A9EFF-4106-42F8-9B36-CA9C90F6FABC} - System32\Tasks\EPSON WF-2630 Series Update {1E0C0845-6CEC-4E5A-A176-964292702E09} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSMDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {B5C397AE-CD27-41CE-B419-9D909B84EC82} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {B6D7A44F-3B01-45E9-957B-C0629EDE1C86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D4F6B847-E18D-4990-BC54-B2D5F5F1F4A0} - System32\Tasks\updateTask => c:\task.vbs [2016-01-10] ()
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON WF-2630 Series Update {1E0C0845-6CEC-4E5A-A176-964292702E09}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSMDE.EXE:/EXE:{1E0C0845-6CEC-4E5A-A176-964292702E09} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-02 15:18 - 2015-07-02 15:18 - 01758208 _____ () C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll
2016-01-10 17:00 - 2016-01-10 16:33 - 00538112 _____ () C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
2016-01-10 16:49 - 2016-01-10 16:33 - 00538112 _____ () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
2016-01-10 13:43 - 2016-01-10 13:43 - 00202240 _____ () C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\knsjDE69.tmpfs
2016-01-10 16:47 - 2016-01-10 16:47 - 00416256 _____ () C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\hnse2FAC.tmp
2016-01-10 16:47 - 2016-01-10 16:47 - 00307712 _____ () C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\jnse688.tmp
2016-01-10 17:01 - 2016-01-10 17:01 - 00257536 _____ () C:\ProgramData\ApphguotoloS\Lamnix.dll
2015-12-17 10:57 - 2015-12-11 03:54 - 01583432 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 10:56 - 2015-12-11 03:54 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-26 17:24 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 02:04 - 2016-01-10 16:41 - 00001002 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.guitar-pro.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 http://www.czzsyzgm.com
127.0.0.1 http://www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3268735155-487900952-46356077-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{430BFE13-5EED-4BAA-AE01-5C494C6DDE3F}Z:\programas\tixati (download de torrents)\tixati_windows.exe] => (Allow) Z:\programas\tixati (download de torrents)\tixati_windows.exe
FirewallRules: [UDP Query User{A54D1824-32D6-4A10-A432-AB4936F3649F}Z:\programas\tixati (download de torrents)\tixati_windows.exe] => (Allow) Z:\programas\tixati (download de torrents)\tixati_windows.exe
FirewallRules: [{25198376-6BDC-4931-9C42-8D8FE6B1BF69}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{BD822D4C-36EB-4512-8E3F-05F799B6297A}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{42C69201-C98C-4082-A007-2EDE858CC840}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A7512290-1608-4F71-B133-D2FD95DA4EA6}C:\users\gonçalo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gonçalo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{83E64BF7-61EA-47AD-BEE8-E653816F138A}C:\users\gonçalo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gonçalo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E6C3E7AA-F5C7-4D28-A54E-CB8DD69A629C}C:\program files\iskysoft\itube studio\urlreqservice.exe] => (Allow) C:\program files\iskysoft\itube studio\urlreqservice.exe
FirewallRules: [UDP Query User{13C0D00E-4D7C-4D6E-941D-DFD7857978DF}C:\program files\iskysoft\itube studio\urlreqservice.exe] => (Allow) C:\program files\iskysoft\itube studio\urlreqservice.exe
FirewallRules: [TCP Query User{C4834787-4C7A-422B-ADFA-BB9DA862FCEB}C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{D3B97459-B7ED-422B-A366-D4312B589DDB}C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{A54D4A71-49B2-49A5-ABD6-31FD3B8773C0}C:\users\gonçalo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{11016AC2-F6A4-40DA-A490-228E18A6825C}C:\users\gonçalo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\nw.exe
FirewallRules: [{001BEA9D-DF73-4301-86D8-AEEE05A0CD75}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{49BB0B51-C0D3-4811-AF59-69346CD95C73}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{2B53365E-D34F-4D40-9442-D88BFE758828}C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{7F72EE43-24D7-4DC8-98AC-0F616294C51A}C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [{3FC8F20C-F151-4DBB-9C5A-F2532751E2FD}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{42DC9636-B954-443B-8938-AB2743BB995A}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{4BD9D6F2-6285-44A4-9415-D33A512EB7C0}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4BC9DDCD-6348-4F45-954E-7006CCEBAE35}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7A7BAC5D-C627-4B44-B54B-703CEEA3ACD8}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{08F8B019-52F2-466C-8CA7-55743553D61B}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{0C929CBC-CF62-4712-B7DC-09FAA38D0AF1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
05-01-2016 21:14:47 Windows Update
09-01-2016 17:57:00 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/11/2016 08:12:11 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2416) WindowsMail0: A cópia de segurança parou porque foi interrompida pelo cliente ou a ligação ao cliente falhou.
Error: (01/10/2016 04:49:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: DPE.exe, versão: 1.0.0.0, carimbo de data/hora: 0x55c8a75a
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de excepção: 0xc0000005
Desvio de falha: 0x003c41eb
ID do processo com falha: 0x57c
Data/hora de início da aplicação com falha: 0xDPE.exe0
Caminho da aplicação com falha: DPE.exe1
Caminho do módulo com falha: DPE.exe2
ID do Relatório: DPE.exe3
Error: (01/10/2016 04:49:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicação: DPE.exe
Versão do Framework: v4.0.30319
Descrição: O processo foi terminado devido a uma excepção não processada.
Informações da Excepção: System.NullReferenceException
Pilha:
em A..()
em A..(System.String[])
Error: (01/10/2016 04:40:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa gentlemjmp_ieu.tmp versão 51.52.0.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Acção.
ID do Processo: 1138
Hora de Início: 01d14bc2fadb74ba
Hora de Fim: 497
Caminho da Aplicação: C:\Users\GONALO~1\AppData\Local\Temp\is-VEJNC.tmp\gentlemjmp_ieu.tmp
ID do Relatório:
Error: (01/10/2016 02:51:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1706.No valid source could be found for product Adobe Refresh Manager. The Windows Installer cannot continue.
Error: (01/06/2016 09:28:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Gonçalo-TOSHIBA)
Description: Produto: Adobe Acrobat Reader DC - Português - Não foi possível instalar a actualização '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}'. Código de erro 1625. O Windows Installer pode criar registos para ajudar na resolução de problemas de instalação de pacotes de software. Utilize a seguinte hiperligação para obter instruções sobre a activação do suporte de registo: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/22/2015 10:09:11 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=1D386151AE7D4A5387CE55955213F4CA;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\6cde3e82-d14d-40b1-8266-15c86bbf5bcf.dmp
Error: (12/18/2015 08:59:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicação: DS.exe
Versão do Framework: v4.0.30319
Descrição: O processo foi terminado devido a uma excepção não processada.
Informações da Excepção: System.Runtime.InteropServices.COMException
Pilha:
em Microsoft.Search.Interop.CSearchQueryHelperClass.GenerateSQLFromUserQuery(System.String)
em Microsoft.Samples.WindowsSearch.DSearch.DSearch.Main(System.String[])
Error: (12/07/2015 02:34:28 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.73;lang=;guid=1D386151AE7D4A5387CE55955213F4CA;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\7093d435-dd8c-4e8d-a168-2ba2ce32d0a6.dmp
Error: (11/18/2015 05:06:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorrectas no processo do escritor ou requerente.
Operação:
A Recolher Dados de Escritor
Contexto:
ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nome de Escritor: System Writer
ID de Instância de Escritor: {10178741-3739-4cba-ab09-063ca40fb08b}
System errors:
=============
Error: (01/11/2016 09:14:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:13:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:13:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:12:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:12:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:11:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:11:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:10:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:09:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
Error: (01/11/2016 09:09:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 90%
Total physical RAM: 1015.24 MB
Available physical RAM: 99.63 MB
Total Virtual: 2811.32 MB
Available Virtual: 1204.27 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.52 GB) (Free:34.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive z: (Gonçalo WD EXT) (Fixed) (Total:1397.26 GB) (Free:889.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 74.5 GB) (Disk ID: DD258F44)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 00025083)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================